nanog mailing list archives

Re: Why does Sprint have address filters again?


From: Karl Denninger <karl () mcs net>
Date: Thu, 28 May 1998 13:11:04 -0500

On Thu, May 28, 1998 at 10:40:03AM -0400, Jay R. Ashworth wrote:
On Wed, May 27, 1998 at 08:08:57PM -0500, Karl Denninger wrote:
[ Karl asks a bunch of cogent questions and then scares the shit out of
  me by following up with: ]
[This is a request as an ARIN AC member, who has tried to get a lot of 
these kinds of questions answered from officers and trustees of ARIN]

Would it be out of line for me to ask why you are having so much
difficulty _getting_ answers to these questions that you need to ask
them here?  This whole ARIN thing is starting to smell somewhat like the
InterNIC does...

ARIN has asserted that individual members (and in fact individual AC members)
don't have a right to have these types of questions answered.

It is my counter-assertion that IF ARIN is going to act as a custodian of
an essential facility (which it is), in the public interest (which is
currently open and in debate), that not only do the AC and membership have
these rights, but the general public has the right to full transparency
within ARIN's operation.

IMHO the network operators within ARIN's "sphere of influence" should 
consider "waking up" and making their opinions known about this and related
sets of issues having to do with IPv4 allocation.  

If there is a set of "affected organizations" which should be fully aware
of and involved in this, it's the NANOG group.

Two places to do so are "arin-members () arin net", and "arin-council () arin net",
which are the mailing lists for the membership and AC, respectively.

Those who find themselves embargoed from posting to either are welcome to 
ask me to forward material for them; as both an AC member, and an ARIN 
member, I have the right to post to both.

The only way the questions will be resolved is if the debate is deemed
important by those who are impacted by ARIN - which is, virtually without 
exception, an intersecting set within the NANOG community.

It would also be a good idea to read the ARIN bylaws (available on their web
site) and note carefully the lack of any real, functional oversight by the
membership (ie: the membership cannot recall an AC member, a board member,
or a corporate officer, either directly or indirectly).

Then surf over to the CIX web site and read THEIR bylaws.  Compare the two,
and draw your own conclusions.

Both are, by the way, 501c(6) organizations.  

--
-- 
Karl Denninger (karl () MCS Net)| MCSNet - Serving Chicagoland and Wisconsin
http://www.mc

Date: Thu, 28 May 1998 14:11:41 -0400
From: "Mr. Dana Hudes" <dhudes () graphnet com>
Organization: Graphnet Inc.
To: nanog () merit edu
Subject: Re: ingress filtering

I have more than 2 routers and less than 100. One thing I've found
with some source addresses of mine coming from the upstream is
packets in a piece of PA space. For example, I have some addresses
from my own PA /19 and some in /20 from UUNET. My UUNET /20 is
part of a /11 of theirs. So if packets of mine come into my router
but have no more-specific route from my IGP then off they go to
UUNET. UUNET throws them back at me.  The solution is a static
blackhole for the announcement. Somehow all this was easier with
GateD, which made the blackhole for me automatically -- or maybe
it's fond but hazily wrong memories. In any case, the blackhole
routes for one's own allocations help block wayward packets.
Now if I could make those blackholes properly propagate in OSPF....

Dana

Brian Horvitz wrote:

I have the luxury of being able to filter for source address at my ingress
points on only two routers.  That makes it relatively easy to do.  I find
a surprising number of packets with source addresses from inside my
network or from the private IP space.

  Brian

On Thu, 28 May 1998, Mr. Dana Hudes wrote:

Who *does* do ingress filtering? I have it on our border routers
and customer connect ports. We have transit from MCI and UUNET.
Neither has ingress filters -- see below message from MCI on this.
The result of course is that spammers and other bad guys can try
to attack your systems with forged source IP addresses.
Random strange people in the 'net send "NETBIOS name service"
(port 137) packets to my unix mail relay, which of course ignores them.
Other such fun things continue to be seen in the logs.


Subject: Re: RFC1918 addresses from MCI
   Date: Thu, 28 May 1998 08:16:23 -0700
   From: security () mci net
      To: dhudes () graphnet com
     CC: security () mci net

Mr. Hudes,


Thank you for your note.  MCI does not currently source filter address
space at its ingress points.  Addresses sourced from non-routable or
invalid addresses are not blocked or filtered.  Addresses destined to
non-routable addresses spaced are not routed.

If you think it is a security issue and it is on-going then please
contact us with the target address so we can investigate.


Regards,


-Julian Min


s.net/          | T1's from $600 monthly / All Lines K56Flex/DOV
                             | NEW! Corporate ISDN Prices dropped by up to 50%!
Voice: [+1 312 803-MCS1 x219]| EXCLUSIVE NEW FEATURE ON ALL PERSONAL ACCOUNTS
Fax:   [+1 312 803-4929]     | *SPAMBLOCK* Technology now included at no cost
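
The forwarding loop described in the ingress-filtering message above, and the static blackhole that stops it, as an added illustration that is not part of the original posts: a small longest-prefix-match simulation. The prefixes, router names and the `trace`/`tables` helpers are constructed placeholders, not addresses or configuration from the thread.

```python
import ipaddress

NULL = "discard"  # stands in for a null/blackhole next hop


def lookup(table, dst):
    """Longest-prefix match: return the next hop for dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None


def trace(routers, start, dst, max_hops=8):
    """Forward dst hop by hop; return (path, outcome)."""
    path, node = [start], start
    for _ in range(max_hops):
        hop = lookup(routers[node], dst)
        if hop is None:
            return path, "no-route"
        if hop == NULL:
            return path, "discarded"
        if hop == "local":
            return path, "delivered"
        path.append(hop)
        node = hop
    return path, "loop (TTL expired)"


def tables(blackhole):
    """Constructed topology: customer holds a /20 out of the upstream's /11."""
    customer = {
        "0.0.0.0/0": "upstream",     # default route to the transit provider
        "10.32.16.0/24": "local",    # the only part of the /20 in the IGP
    }
    if blackhole:
        customer["10.32.16.0/20"] = NULL  # static blackhole for the allocation
    upstream = {"10.32.16.0/20": "customer"}  # carved from 10.32.0.0/11
    return {"customer": customer, "upstream": upstream}


if __name__ == "__main__":
    unused = "10.32.20.1"  # inside the /20, no more-specific route
    print(trace(tables(False), "customer", unused))
    print(trace(tables(True), "customer", unused))
    print(trace(tables(True), "customer", "10.32.16.5"))
```

The more-specific /24 still wins over the blackhole, so only traffic to the unrouted remainder of the allocation is dropped.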

